With rise in cybercrime, businesses are increasingly being impacted not only on the financial front but also see irreversible damage to their brands and market reputation
The use of technology has become an integral part of our lives. While technology has made life in the corporate world a lot easier, it has also led to increasing threats of cybercrime. The advent of hand held devices such as smartphones and PCs has just raised the risk manifold. In a digital age, where online communication has become the norm, internet users and governments face increased risks of becoming the targets of cyber attacks and in some cases from their own employees.
In view of the alarming rise in cybercrime, KPMG in India released the report on ‘India Cybercrime Survey 2014’. The survey provides a summary on the complexity of cybercrime and the measures that organizations should take to mitigate such crimes, while creating awareness on what one should do to prevent such attacks. Over 170 participants of the likes of CIOs, CISOs and related professionals from across India responded to the survey. About 75 per cent of the participating organizations have more than 1,000 employees.
“With rise in cybercrime, businesses are increasingly being impacted not only on the financial front but also see irreversible damage to their brands and market reputation. As a result of this growing threat, there is a significant need for corporates to recognize cyber threats and craft cyber response plans. KPMG has released the cybercrime survey report, with a view to provide insights to senior level management/Board of Directors and guidance to policy makers on various aspects of managing cybercrime,” said Mritunjay Kapur, Partner and Head of Risk Consulting practice, KPMG in India.
Highlights of the survey
Cyber-attackers can be classified broadly into internal and external sources based on various aspects such as their qualifications, skill levels, age group and motivations. Internal sources include disgruntled employees, managed services personnel and malicious personnel (focused on industrial/commercial espionage), while external sources include cyber terrorists (focused on defacement), professional hackers/hacking crime syndicates and novice hackers.
About 47 per cent of the respondents indicated that the risk of cyber attack is perpetrated by both internal as well as external intruders. Although 37 per cent of the respondents feel that the risk of cyber attacks comes from an external source, it is imperative that organisations keep a track of insiders with malicious intent or professional intruders constantly seeking access to sensitive information.
Businesses suffer the most when cybercrime attacks take place. While 58 per cent indicated that cybercrime attacks are now taking the shape of an organized crime for illicit financial gains / money or to cause unsolicited malicious damage, a whopping 71 per cent of the respondents recognize that access to a company’s confidential information is the foremost value gained by the perpetrator from the attack.
About 51 per cent perceive themselves to be an easy target for cyber attacks due to the nature of their business, 48 per cent of the respondents indicated that they suffer disruption of their business processes and reputation damage as a result of a cyber attack. Cyber attacks have often led to financial losses (either direct or indirect) as indicated by 45 per cent of our survey respondents. A majority of the respondents (68 per cent) indicated that they suffered ‘less than Rs 1 lakh’ in terms of financial loss due to cybercrime attacks.
What can companies do?
The report suggests certain detection measures and controls: “Logging of critical events and monitoring central security incidents and events can strengthen the technology detection measures. 24/7 standby crisis organization and monitoring can be an excellent tool to detect strange patterns in data traffic, identify where attacks converge and observe system performance. This way, information security becomes a continuous process and organizations are enabled to proactively anticipate instead of reactively act on incidents.”
Companies would do well to stick to the age-old adage, prevention is better than cure.